Cloud Architecture Vocabulary: 80 Essential Terms for AWS, Azure, and GCP

Master cloud architecture vocabulary: IaaS, PaaS, SaaS, VPC, IAM, serverless, FinOps, cloud-native patterns, Well-Architected Framework pillars, and 70 more terms.

Cloud architects design systems that are reliable, secure, cost-efficient, and scalable. Their vocabulary spans infrastructure concepts, specific cloud services, architecture patterns, and financial operations — all documented in English across AWS, Azure, and GCP. This guide covers the 80 terms you need to discuss, design, and present cloud architectures.


Cloud Service Models

IaaS (Infrastructure as a Service)

IaaS provides virtualised compute, storage, and networking — you manage the VMs, OS, and software. Examples: AWS EC2, Azure Virtual Machines, GCP Compute Engine.

PaaS (Platform as a Service)

PaaS provides a managed platform for running applications — you manage the code and configuration; the provider manages the runtime, OS, and infrastructure. Examples: AWS Elastic Beanstalk, Azure App Service, GCP App Engine.

SaaS (Software as a Service)

In SaaS, the provider manages everything — you just use the application. Examples: Gmail, Salesforce, GitHub. Architecture context: choosing SaaS vs. building your own.

FaaS (Function as a Service) / Serverless

FaaS runs individual functions on-demand — zero server management, automatic scaling, pay-per-invocation. Examples: AWS Lambda, Azure Functions, GCP Cloud Functions.

“We moved the image resizing job to a Lambda function — it scales from zero to 10,000 invocations without any provisioning.”

Cloud-Native

Cloud-native applications are designed specifically for the cloud — containerised, microservices-based, managed via APIs, CI/CD-deployed, and horizontally scalable.


Cloud Deployment Models

Public Cloud

The public cloud is infrastructure owned and operated by a provider (AWS, Azure, GCP) and shared with multiple customers, isolated by virtualisation and IAM.

Private Cloud

A private cloud is dedicated infrastructure for a single organisation — on-premise or in a data centre. More control; higher cost.

Hybrid Cloud

A hybrid cloud combines public and private cloud, with connectivity between them (VPN or Direct Connect). Allows keeping sensitive data on-premise while bursting to public cloud.

Multi-Cloud

A multi-cloud strategy uses two or more public cloud providers — for resilience, avoiding vendor lock-in, or accessing specific services.

On-Premise / On-Prem

On-premise (or on-prem) infrastructure is owned and operated by the organisation in their own data centres. Contrasts with cloud.

Co-Location (Colo)

Co-location means housing your own servers in a third-party data centre — you own the hardware; they provide physical security, power, and cooling.


Core Cloud Concepts

Region

A region is a geographic area containing multiple Availability Zones (AZs). Choosing a region near users reduces latency; compliance requirements may mandate specific regions.

Availability Zone (AZ)

An AZ is a physically separate data centre within a region, with independent power, cooling, and networking. Deploying across multiple AZs provides fault tolerance.

Edge Location / PoP

Edge locations (Points of Presence) are CDN nodes closer to users than the main region — used by CloudFront (AWS), Azure CDN, and Cloud CDN (GCP) to cache content and reduce latency.

Availability

Availability is the percentage of time a service is operational and accessible. 99.9% = 8.7 hours downtime/year; 99.99% = 52 minutes/year; 99.999% = 5 minutes/year.

Elasticity

Elasticity is the ability to automatically scale resources up and down with demand — provisioning more capacity during traffic spikes and releasing it when demand drops.


Networking

VPC (Virtual Private Cloud)

A VPC is an isolated virtual network in the cloud. Contains subnets, route tables, internet gateways, and security groups.

Subnet

A subnet is a range of IP addresses within a VPC. Public subnets have routes to the internet gateway; private subnets do not.

Security Group

A security group is a stateful virtual firewall that controls inbound and outbound traffic to and from instances; because it is stateful, return traffic for an allowed connection is permitted automatically. Applied at the instance level.

NACL (Network Access Control List)

A Network ACL is a stateless firewall at the subnet level — rules are evaluated for both inbound and outbound traffic separately.

VPN / Direct Connect / ExpressRoute

  • VPN — encrypted tunnel over the public internet connecting on-prem to the cloud VPC
  • AWS Direct Connect / Azure ExpressRoute / GCP Cloud Interconnect — dedicated private network link to the cloud; lower latency, more consistent bandwidth than VPN

CDN (Content Delivery Network)

A CDN caches content at edge locations worldwide, serving requests from the nearest node. Reduces latency for static assets (images, JS, CSS).


Compute

Auto Scaling

Auto Scaling automatically adjusts the number of instances in a group based on demand (CPU, request rate) or schedule. Ensures you have enough capacity without over-provisioning.

Load Balancer

A load balancer distributes incoming requests across multiple backend instances. Types:

  • ALB (Application Load Balancer) — Layer 7 (HTTP/HTTPS), path-based and host-based routing
  • NLB (Network Load Balancer) — Layer 4 (TCP/UDP), ultra-low latency for high-throughput

Container / Docker

A container packages an application with all its dependencies into a portable, isolated unit. Docker is the standard container runtime.

Kubernetes (K8s) / EKS / AKS / GKE

Kubernetes is the standard container orchestration platform. Managed Kubernetes services: EKS (AWS Elastic Kubernetes Service), AKS (Azure Kubernetes Service), GKE (Google Kubernetes Engine).


Storage

Object Storage

Object storage stores unstructured data as objects (files + metadata + unique ID). Massively scalable, durable (11 nines), and cheap. Examples: S3 (AWS), Azure Blob Storage, GCS (GCP).

Block Storage

Block storage provides raw, low-latency storage volumes mounted to instances — like a virtual hard drive. Examples: EBS (AWS), Azure Managed Disks, GCP Persistent Disk.

File Storage

File storage provides shared, network-accessible file systems. Examples: EFS (AWS Elastic File System), Azure Files, GCP Filestore.

Lifecycle Policy

A lifecycle policy automatically transitions objects to cheaper storage tiers (e.g., Infrequent Access, Glacier) or deletes them after a defined period.


Identity & Access Management

IAM (Identity and Access Management)

IAM controls who can do what in a cloud environment — users, roles, policies, and permissions.

Least Privilege

The principle of least privilege means granting only the minimum permissions necessary for a task. IAM roles should not have wildcard (*) permissions in production.
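
One way to check for the wildcard grants this section warns about, as an added example that is not from the page: a small Python checker over AWS IAM JSON policy documents (the two sample policies are constructed for illustration, and the severity labels are this example's own convention).

```python
import json

# Constructed sample policies in AWS IAM JSON policy syntax (not taken from the page).
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/uploads/*"},
        # A broad Deny narrows access, so it is not a least-privilege violation.
        {"Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})


def _as_list(value):
    """IAM accepts a single string/object or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def find_wildcard_grants(policy_json):
    """Return (statement_index, severity, reason) for every Allow statement that
    uses a wildcard. "*" as Action or Resource is HIGH; a service-wide action such
    as "s3:*" is MEDIUM. A "*" inside a resource path (bucket/uploads/*) is not
    flagged, because it scopes the grant to a prefix rather than to everything."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append((idx, "HIGH", "Action * allows every API call"))
            elif action.endswith(":*"):
                findings.append((idx, "MEDIUM", f"Action {action} allows a whole service"))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((idx, "HIGH", "Resource * covers every resource"))
    return findings
```

Running it over the two constructed policies flags both wildcards in the first and nothing in the second, which is the distinction a production policy review is looking for.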

Role

An IAM role is an identity with permissions that can be assumed by trusted entities — another service, a user, or a cross-account principal. Roles are preferred over long-lived access keys.

Service Account / Managed Identity

A service account (GCP) or managed identity (Azure) is an identity for a workload (VM, Lambda, pod) — allows services to make API calls without storing credentials.

MFA (Multi-Factor Authentication)

MFA requires a second verification factor (TOTP app, hardware key) in addition to a password. Mandatory for cloud console access.


Reliability & Resilience

High Availability (HA)

High availability is designing systems that remain operational despite component failures — typically through redundancy across multiple AZs.

Fault Tolerance

Fault tolerance goes further than HA — the system continues functioning correctly even when components fail, without any degradation.

Disaster Recovery (DR)

DR is the plan and process for restoring operations after a major failure (region outage, ransomware, accidental deletion). Defined by RPO and RTO targets.

RPO (Recovery Point Objective)

RPO is the maximum acceptable data loss, expressed in time — how much recent data (since the last recovery point) can be lost when the system is restored?

RTO (Recovery Time Objective)

RTO is the maximum acceptable recovery time — how long can the system be down?

Circuit Breaker

A circuit breaker is a design pattern that detects repeated failures in a downstream service and “opens” — temporarily stopping requests to give the service time to recover. Prevents cascading failures.
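
The closed/open/half-open behaviour described above, as an added Python example that is not from the page: a minimal circuit breaker with an injectable clock, plus a constructed stand-in downstream so the state transitions can be traced without sleeping. The threshold, timeout and the `simulate` helper are this example's own assumptions.

```python
import time

class CircuitOpenError(Exception):
    """Raised when the breaker rejects a call without contacting the downstream."""

class CircuitBreaker:
    """CLOSED -> OPEN after `failure_threshold` consecutive failures; OPEN -> HALF_OPEN
    once `recovery_timeout` seconds pass; HALF_OPEN admits one probe call and then
    closes on success or reopens on failure. `clock` is injectable for testing."""

    def __init__(self, failure_threshold=3, recovery_timeout=30.0, clock=time.monotonic):
        self.failure_threshold, self.recovery_timeout, self.clock = failure_threshold, recovery_timeout, clock
        self.state, self.failures, self.opened_at = "CLOSED", 0, 0.0

    def call(self, func, *args, **kwargs):
        if self.state == "OPEN":
            if self.clock() - self.opened_at < self.recovery_timeout:
                raise CircuitOpenError("breaker open; call rejected without hitting downstream")
            self.state = "HALF_OPEN"  # let exactly one probe request through
        try:
            result = func(*args, **kwargs)
        except Exception:
            self.failures += 1
            if self.state == "HALF_OPEN" or self.failures >= self.failure_threshold:
                self.state, self.opened_at = "OPEN", self.clock()
            raise
        self.state, self.failures = "CLOSED", 0  # any success resets the count
        return result

def _downstream(ok):
    """Constructed stand-in for a dependency: succeeds or raises on demand."""
    if not ok:
        raise RuntimeError("downstream unavailable")
    return "200 OK"

def simulate(outcomes, step=10.0):
    """Drive a breaker through a constructed list of outcomes (True = downstream succeeds,
    False = it fails), advancing a fake clock `step` seconds per call; return the state after each."""
    now = [0.0]
    breaker = CircuitBreaker(failure_threshold=3, recovery_timeout=30.0, clock=lambda: now[0])
    trace = []
    for ok in outcomes:
        now[0] += step
        try:
            breaker.call(_downstream, ok)
        except (CircuitOpenError, RuntimeError):
            pass  # caller fails fast or falls back; we only record the breaker state
        trace.append(breaker.state)
    return trace
```

With three consecutive failures the breaker opens and the next two calls are rejected without touching the downstream; 30 seconds later a single probe succeeds and the breaker closes again.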

Chaos Engineering

Chaos engineering is the practice of intentionally injecting failures into production to validate resilience. Popularised by Netflix’s Chaos Monkey.


FinOps & Cost Management

FinOps

FinOps is a practice that brings financial accountability to cloud spending — engineering, finance, and product teams collaborate on cost visibility, allocation, and optimisation.

On-Demand

On-demand pricing charges for what you use per second/hour, with no commitment. Flexible but most expensive.

Reserved Instance / Savings Plan

Reserved Instances (AWS) / Reserved Capacity (Azure, GCP) offer discounts (up to 75%) in exchange for 1- or 3-year commitments.

Spot Instance / Preemptible VM

Spot Instances (AWS) / Preemptible VMs (GCP) / Spot VMs (Azure) use spare cloud capacity at 60–90% discount — can be interrupted with short notice. Suitable for fault-tolerant batch workloads.

Rightsizing

Rightsizing means selecting the instance type that matches actual resource usage — avoiding over-provisioned (expensive) or under-provisioned (slow) instances.

CapEx vs. OpEx

  • CapEx (Capital Expenditure) — upfront investment in hardware; on-prem data centres
  • OpEx (Operational Expenditure) — ongoing usage costs; cloud computing

TCO (Total Cost of Ownership)

TCO analysis compares the full cost of on-prem vs. cloud — including hardware, power, facilities, staff, licensing, and opportunity cost.

Chargeback / Showback

Chargeback bills cloud costs back to internal teams. Showback reports costs without formal billing. Both require tagging resources by team and product.


Well-Architected Framework

The AWS Well-Architected Framework defines six pillars:

  1. Operational Excellence — deploy, monitor, and improve systematically
  2. Security — protect data and systems
  3. Reliability — recover from failures and meet demand
  4. Performance Efficiency — use resources efficiently
  5. Cost Optimisation — avoid unnecessary spending
  6. Sustainability — minimise environmental impact

“The Well-Architected Review identified two HRIs (High Risk Items) in the reliability pillar — we have no automated failover for the RDS primary.”

Well-Architected Review

A Well-Architected Review assesses a workload against the six pillars and produces a prioritised list of improvements.


Useful Phrases

In architecture reviews:

  • “The design meets the reliability pillar — we’re deploying across three AZs with automated failover.”
  • “The main trade-off is cost vs. latency — using a read replica in the same region adds $400/month but reduces P95 latency by 40%.”

In FinOps discussions:

  • “Our compute bill increased 30% last quarter despite flat traffic — rightsizing analysis shows we have 40 instances with less than 5% CPU utilisation.”

In DR planning:

  • “The RPO is 15 minutes, achieved by synchronous replication to a standby in a second AZ. The RTO is 10 minutes — measured in our last failover drill.”

Practice

Test your cloud vocabulary with the Cloud Architecture & FinOps exercise set and the DevOps & Cloud set — covering infrastructure, cost, and architecture concepts.

Explore the Cloud Architect learning path for exercises, writing practice (ADRs, proposals), and interview preparation.